Data Sheet

U.S. State Protection Laws 1st Half 2019

In the first six months of 2019, the U.S. state legislatures or regulatory agencies have brought into force more consumer‑centric data protection laws than in all of 2018.

Noteworthy among these laws are (1) Oregon’s Internet of Things (IoT) law, the second in the nation, (2) Nevada’s prohibition of sales of personal information by website operators and (3) Maine’s prohibition of sales of customer personal information by Internet Service Providers (ISPs).


Additional notes regarding regulations:

  • Limited to insurers
  • “Without undue delay,” “as soon as practicable,” or the functional equivalent thereof
  • Limited to internet service providers (ISPs)
  • Apparently applies to non-profits
  • Applies to chartered financial institutions
  • Limited to manufacturers of internet-connected devices